CVE-2019-13638
Description
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed-style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.089
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Apply a diff file to an original (USN-4071-1) patch_2.7.6-2ubuntu1.1_i386.deb | Linux |
| Apply a diff file to an original (USN-4071-1) patch_2.7.6-2ubuntu1.1_amd64.deb | Linux |
| Apply a diff file to an original (USN-4071-1) patch_2.7.6-3ubuntu0.1_i386.deb | Linux |
| Apply a diff file to an original (USN-4071-1) patch_2.7.6-3ubuntu0.1_amd64.deb | Linux |
| Apply a diff file to an original (USN-4071-1) patch_2.7.5-1ubuntu0.16.04.2_i386.deb | Linux |
| Apply a diff file to an original (USN-4071-1) patch_2.7.5-1ubuntu0.16.04.2_amd64.deb | Linux |
| patch security update (DSA-4489-1) patch_2.7.5-1+deb9u2_i386.deb | Linux |
| patch security update (DSA-4489-1) patch_2.7.5-1+deb9u2_amd64.deb | Linux |
| patch security update (DSA-4489-1) patch_2.7.6-3+deb10u1_amd64.deb | Linux |
| (RHSA-2019:2964) patch security update patch-2.7.1-12.el7_7.x86_64.rpm | Linux |
| (RHSA-2019:2964) Important: security update patch-debuginfo-2.7.1-12.el7_7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234